Fix unsafe string functions

Add string length limitations where necessary to avoid buffer overflows. Signed-off-by: Kinga Tanska <kinga.tanska@intel.com> Signed-off-by: Jes Sorensen <jes@trained-monkey.org>
author: Kinga Tanska <kinga.tanska@intel.com> 2023-05-11 04:55:12 +0200
committer: Jes Sorensen <jes@trained-monkey.org> 2023-09-01 18:09:07 +0200
commit: dd5ab40204b1d78ec3bdbcfd5a38a8ffb72bdb50 (patch)
tree: 513dd4a816c88061ed7104b184cbd59fdb130d10 /mdopen.c
parent: Fix memory leak in file mdadm (diff)
download: mdadm-dd5ab40204b1d78ec3bdbcfd5a38a8ffb72bdb50.tar.xz
mdadm-dd5ab40204b1d78ec3bdbcfd5a38a8ffb72bdb50.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/mdopen.c b/mdopen.c
index d3022a54..3daa71f9 100644
--- a/mdopen.c
+++ b/mdopen.c
@@ -193,14 +193,14 @@ int create_mddev(char *dev, char *name, int autof, int trustworthy,
 
 	if (dev) {
 		if (strncmp(dev, DEV_MD_DIR, DEV_MD_DIR_LEN) == 0) {
-			strcpy(cname, dev + DEV_MD_DIR_LEN);
+			snprintf(cname, MD_NAME_MAX, "%s", dev + DEV_MD_DIR_LEN);
 		} else if (strncmp(dev, "/dev/", 5) == 0) {
 			char *e = dev + strlen(dev);
 			while (e > dev && isdigit(e[-1]))
 				e--;
 			if (e[0])
 				num = strtoul(e, NULL, 10);
-			strcpy(cname, dev+5);
+			snprintf(cname, MD_NAME_MAX, "%s", dev + 5);
 			cname[e-(dev+5)] = 0;
 			/* name *must* be mdXX or md_dXX in this context */
 			if (num < 0 ||
author	Kinga Tanska <kinga.tanska@intel.com>	2023-05-11 04:55:12 +0200
committer	Jes Sorensen <jes@trained-monkey.org>	2023-09-01 18:09:07 +0200
commit	dd5ab40204b1d78ec3bdbcfd5a38a8ffb72bdb50 (patch)
tree	513dd4a816c88061ed7104b184cbd59fdb130d10 /mdopen.c
parent	Fix memory leak in file mdadm (diff)
download	mdadm-dd5ab40204b1d78ec3bdbcfd5a38a8ffb72bdb50.tar.xz mdadm-dd5ab40204b1d78ec3bdbcfd5a38a8ffb72bdb50.zip